RE: SSH accepts protocol version 1.99

From: Bennett R. Samowich (brs_at_fsproduce.com)
Date: 08/19/03

  • Next message: Bennett R. Samowich: "RE: SSH accepts protocol version 1.99"
    Date: Tue, 19 Aug 2003 14:15:44 -0400
    To: <chris@redstarnetworks.net>
    
    

    Yes, it was through nessus. I also confirmed it by setting PuTTY to use
    protocol version 1 and it still connected. I couldn't find any mention
    of disabling version 1 (except for the Protocol config option). Is it
    possible that this is a bug?

    - Bennett

    -----Original Message-----
    From: Chris Odell [mailto:chris@redstarnetworks.net]
    Sent: Tuesday, August 19, 2003 2:02 PM
    To: Bennett R. Samowich; secureshell@securityfocus.com
    Subject: RE: SSH accepts protocol version 1.99

      Where your findings via "Nessus"? I was wondering the same after I
    removed everything except for version 2 from the config and was
    presented with the same results.

    Chris Odell

    -----Original Message-----
    From: Bennett R. Samowich [mailto:brs@fsproduce.com]
    Sent: Monday, August 18, 2003 1:45 PM
    To: secureshell@securityfocus.com
    Subject: SSH accepts protocol version 1.99

    Greets,

    During an audit we discovered that our SSH daemons allowed protocols
    1.99 and 2.0. We have the line "Protocol 2" in the config file which I
    thought would cause sshd to only allow protocol 2.0.

    Is this true or am I missing something else?

    Thanks in advance,
    - Bennett


  • Next message: Bennett R. Samowich: "RE: SSH accepts protocol version 1.99"